John Kelly writes:
Then I ran across sid-milter, and technically, it looked better to me,
so that's what I chose. OTOH, it combines SPF with sender-id.
Disabling the PRA check is a trivial code change. I used to maintain
a sid-milter patch that was partly to expand the range of modes of
operation, including an option to make the PRA check not use v=spf1.
An option not to do PRA at all would be even simpler. If I ever make
a patch for 0.2.10, maybe I'll include such an option.
However, turning off the PRA check would still leave sid-milter doing
a Sender-ID-style SPF check, which currently differs from that done by
spf-milter (no ehlo/ehlo check, for example).
I don't see any way to configure it to fail on SPF only, and ignore
sender-id failures. It has these configuration levels:
0 accept all mail
1 reject if _both_ sender-id and SPF fail
2 reject if _either_ sender-id or SPF fail
3 reject unless _either_ sender-id or SPF pass
4 reject unless _both_ sender-id and SPF pass
5 reject mail for which a "pass" from either test overrides a
"fail" from the other
I can't use option 1, because SPF could fail while sender-id is
neutral, and then I would not detect the SPF failure. I can't use
option 3 or 4, because if both SPF and sender-id are neutral, that
would produce an unwanted rejection.
5 doesn't make sense to me. Maybe they were trying to say either one
passing will override a failure of the other, but "reject mail" seems
to confuse that. Maybe that's just a documentation bug.
It's a documentation bug. 5 was picked up from my patch, and the
description should be "reject mail on a fail from either test unless
the other test returns a pass."
A simple but inefficient way not to use the PRA check would be to set
its result to neutral before the rlevel test at about line 1970 in
sid-filter/sid-filter.c: add a line
sid_result = SM_MARID_NEUTRAL;
This would still pay the price of evaluating the PRA check, but the
result wouldn't be used.
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com